Security & trust
Your money. Fully protected.
We handle your business finances with the same rigour as the world's largest financial institutions, and then some.
FCA Authorised
FRN 987654
ISO 27001
Certified 2022
PCI DSS Level 1
Validated 2025
SOC 2 Type II
Report available on request
GDPR Compliant
ICO registered
FSCS Protected
Up to £85,000
Defence in depth
Multiple layers of protection.
AES-256 encryption
All data is encrypted at rest using AES-256. In transit, we enforce TLS 1.3 only; older protocols are rejected.
Real-time fraud detection
Every transaction is scored by our ML fraud engine in under 50ms. Suspicious transactions are blocked and you're alerted instantly.
Ringfenced client funds
Your money is held in segregated safeguarding accounts at Tier 1 UK banks, completely separate from Northbank's operational funds.
FSCS protection
Eligible deposits are protected under the Financial Services Compensation Scheme up to £85,000 per person.
Immutable audit logs
Every action in your account is recorded in tamper-proof, write-once logs. Exportable for compliance and forensic review.
MFA & biometric auth
Mandatory two-factor authentication with support for hardware keys (FIDO2), authenticator apps and biometrics.
DDoS & WAF protection
Our infrastructure is protected by enterprise-grade DDoS mitigation and a Web Application Firewall that blocks malicious traffic before it reaches our systems.
ISO 27001 certified
We hold ISO 27001 certification for our information security management system, independently audited annually.
Found a vulnerability?
We take security reports seriously and aim to respond within 24 hours. We operate a responsible disclosure programme and acknowledge researchers who help us improve.
Report a vulnerability
Security questions
All primary infrastructure runs in UK-based data centres (AWS eu-west-2). We do not transfer data outside the UK or EEA without your consent.
We have a documented incident response plan. In the event of a breach, we'll notify affected customers within 72 hours as required by UK GDPR, and the ICO where required.
Enterprise customers can request penetration testing under a responsible disclosure agreement. Please contact our security team at security@northbank.co.uk.
All third-party vendors undergo security due diligence before onboarding. We hold contractual DPA agreements with all sub-processors and review them annually.